Description:
Sr. Manager - GRC
Location: Mumbai Lower Parel
Joining: Immediate Joiners Preferred
CTC: As per Industry Standards
Qualifications & Experience:
Minimum Requirements:
- Experience: 8+ years in Information Security GRC, with at least 4 years in a leadership/managerial role.
- Mandatory Certifications: At least one of CISA, CISM, or CISSP.
- Technical Expertise: Hands-on experience implementing or auditing RBI, SEBI, and ISO 27001 frameworks.
- Education: Bachelor's degree in IT, Computer Science, or a related field.
Preferred Qualifications:
- Prior experience in Big 4 consulting or specialized boutique cyber security firms.
- Privacy Certifications: CIPP/E, CIPM, or CDPO (specifically for DPDP Act implementation).
- Advanced Risk: CRISC certification.
- Education: MBA or Master's in Information Security Management.
Role Summary:
The Lead GRC Consultant will be responsible for overseeing the delivery of Audit, Risk, Compliance, and Privacy consulting services. This role involves managing enterprise-level engagements, ensuring regulatory alignment for clients, and providing expert advisory on complex security frameworks. The Lead will also be responsible for team leadership, methodology design, and maintaining high-quality delivery standards.
Key Responsibilities:
1. Engagement & Portfolio Management
- Oversee the end-to-end delivery of GRC consulting projects (Audit, Compliance, and Privacy).
- Align security and regulatory programs with client business objectives and risk appetite.
- Develop long-term risk management and regulatory transformation roadmaps for clients.
2. Regulatory Advisory
Provide expert interpretation of Indian and global regulations, including:
- RBI Cyber Security Frameworks (Banks & NBFCs)
- SEBI Cyber & IT Guidelines
- DPDP Act, CERT-In Directions, and NIST Framework
- ISO 27001:2022
- Formulate defensible compliance positions and advisory reports for regulatory submission.
3. Executive Stakeholder Management
- Act as the primary point of contact for CXOs, CISOs, and Risk Heads.
- Translate technical audit findings into operational and financial risk language for board-level reporting.
- Assist clients in securing approvals for security investments and compliance initiatives.
4. Quality Governance
- Act as the final authority for technical review and quality assurance of all client deliverables.
- Manage escalations related to project delivery and regulatory risks.
- Ensure all audit reports and attestations meet industry and regulatory benchmarks.
5. Practice Development
- Define GRC delivery methodologies, operating models, and standardized templates.
- Lead recruitment efforts for senior and niche domain roles within the GRC practice.
- Mentor team members and define competency frameworks and career paths.